OAuth 2.0 Policies
Compliance with Terms
All developers using the RaidenX API must comply with the applicable terms of service and privacy policies. It is essential to read and understand these documents, as they may be updated periodically.
OAuth Client Registration
Every application utilizing the RaidenX API must register at least one OAuth client. Each platform, such as web, mobile, or IoT, requires a separate OAuth client. Proper registration ensures that the app functions securely and efficiently.
Environment Separation
Developers must maintain separate projects for different environments, including development, staging, and production. A production app must not be intended for personal use; it must serve users beyond a small, personal group.
Contact Management
Keep contact information for project owners and editors current. This ensures timely communication regarding updates or notifications related to the RaidenX API.
Secure Credential Handling
Treat OAuth client credentials with the utmost care. Store them securely and never expose them in publicly available repositories. Use secret management tools where possible.
Token Security
User tokens must be handled securely. Tokens should never be transmitted in plaintext and should be encrypted when stored. Revoke tokens when they are no longer needed.
Identity Representation
Provide accurate branding information, including a valid name and logo, that reflects the application's identity. For production apps, this information must be verified to prevent misuse.
Scope Management
Only request the minimum necessary scopes required for functionality. Ensure that the requested scopes align with the app’s capabilities and that updates to scopes are reflected in the project configuration.
Verification for Sensitive Scopes
If the application uses sensitive or restricted scopes, submit these for verification through the RaidenX API management console. This is essential to maintain compliance and secure access.
Domain Ownership
Use only redirect URIs and JavaScript origins that refer to domains owned or authorized by your organization. This helps prevent unauthorized access and maintains security.
Public Homepage Requirement
Every production app must have a publicly accessible homepage that includes a description of the app, terms of service, and a privacy policy. This page must be hosted on a verified domain.
Secure Browsing
Ensure that OAuth authorization requests are directed to a secure browser. Avoid embedded user-agents, which can compromise security.
Consent Handling
When requesting user consent for multiple scopes, ensure users can grant or deny specific scopes. If any scope is denied, disable related functionalities in the app.
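The scope check described above, as an added example that is not RaidenX's own code: it reads the scope field from a token endpoint response (which, per OAuth 2.0, may be narrower than what was requested) and enables each feature only when every scope it needs was granted. The scope names, feature names, and sample response are hypothetical.

```python
# Added example (not RaidenX's own code): gate app features on the scopes the
# user actually granted at consent. OAuth 2.0 (RFC 6749 section 5.1) allows the
# token response "scope" field to be narrower than the requested scope set; an
# omitted field means the granted set equals the requested set.
from __future__ import annotations
import json

# Hypothetical feature -> required scopes map (not RaidenX's real scope names).
FEATURE_SCOPES: dict[str, set[str]] = {
    "view_orders": {"orders:read"},
    "place_orders": {"orders:read", "orders:write"},
    "export_history": {"orders:read", "history:read"},
}


def granted_scopes(requested: set[str], token_response: str) -> set[str]:
    """Parse a token endpoint JSON body and return the set of granted scopes."""
    body = json.loads(token_response)
    raw = body.get("scope")
    if raw is None:  # RFC 6749 5.1: omitted scope means identical to the request
        return set(requested)
    granted = set(raw.split())
    # Defensive: never act on more scope than the app itself asked for.
    return granted & requested


def enabled_features(granted: set[str]) -> dict[str, bool]:
    """Enable a feature only when every scope it depends on was granted."""
    return {name: needs <= granted for name, needs in FEATURE_SCOPES.items()}


# Constructed sample: the user declined orders:write and history:read at consent.
REQUESTED = {"orders:read", "orders:write", "history:read"}
SAMPLE_RESPONSE = json.dumps({
    "access_token": "placeholder-token",
    "token_type": "Bearer",
    "expires_in": 3600,
    "scope": "orders:read",
})


def main() -> None:
    granted = granted_scopes(REQUESTED, SAMPLE_RESPONSE)
    for feature, on in enabled_features(granted).items():
        print(f"{feature}: {'enabled' if on else 'disabled (scope denied)'}")


if __name__ == "__main__":
    main()
```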
Refresh Token Management
Be aware that refresh tokens can be invalidated at any time. Integrate notification handling for token revocation so that users are informed and can re-authorize without disruption.
This policy aims to ensure that the RaidenX API is used securely and responsibly, providing a safe experience for both developers and users.